Don't Wait Until After You've Been Compromised...
Ransomware is the most recent game-changing form of malware impacting businesses of all sizes and industries. Regardless of your investment in “Guns, Gates and Guards” and “Defense in Depth” with IDS and IPS, you will always have the "Human in the Loop". Security education and awareness training plays an integral role in your proactive defense strategy. Unfortunately, there is no 100%, fool-proof "fix" in existence that you can buy or install. If your business hasn’t experienced a compromise already, you or one of your business partners will likely experience ransomware at some point in 2018. Recovering from ransomware attacks hinges on establishing and deploying a resilient backup and recovery strategy before a compromise. It’s a key strategy that is often overlooked until after the fact. IIA can help you build a scalable, resilient, economical recovery strategy so that you can protect your critical information, minimize your downtime, and deploy scalable solutions while being good stewards of your budget.
We focus on the most overlooked aspect of your company’s operations: “SECURITY”. We are your trusted partner in secure design, configuration, operation, and monitoring of your secure technology solutions where protection of sensitive business information is key to your success. (FISMA | HIPAA & HITECH | PCI)
Our solutions empower CxOs with the knowledge and tools for a balanced approach to securing their enterprise and provide them with tactics to achieve a reasonable standard with reduced liability for enterprise cyber security.
We embrace a "Crawl, Walk, Run" delivery strategy, recognizing the value of phased, yet resilient, assessment and operational models. It’s impossible to completely eliminate the threat. It is important, however, to understand the threats, and we are committed to helping educate you about the ever-evolving threats and their third-order effects, and to helping you build resilient recovery strategies that minimize downtime should you be impacted directly or indirectly by today’s cyber threats. We also recognize you’ve likely not budgeted for the unintended consequences of a data breach, so we work directly with your leadership team to guide them through the cyber incident response planning process, development of your Cyber Incident Response Team (CIRT), and preparedness training, walking them through hands-on table-top exercises.
InfoSec & Threat Intelligence Core Offerings
Incident Response Planning; Disaster Recovery & Digital Forensics
While it’s difficult to fully prepare a business for an unexpected data breach or cyber-attack, having a trained Cyber Incident Response Team (CIRT) and incident response plans can be the difference between business success and failure to fully recover. We help companies build their business continuity plans from the ground up, many times with little or NO starting point of a base document. It’s not a matter of "IF" a company will be breached or lose data; it’s "WHEN". And when that day happens, the successful companies are the ones with a recovery plan to protect their Intellectual Property (IP), or "Crown Jewels".
Passive Network Assessments
We engage new customers through approved Passive Network Assessments (PNAs), which we often offer as a low-cost alternative to penetration testing. Network assessments help evaluate the current state of an organization’s network security in its current environment. Through a methodical, Macro-to-Micro approach, we identify problem areas, misconfigurations, pinholes, vulnerabilities, gaps in the intended technology configuration, and resource utilization. We also evaluate the network’s ability to support the current and future requirements of the organization and identify potential points of compromise. We work with your IT staff to become a resource for them.
Penetration Testing & Vulnerability Assessments
We assess systems with a combination of open source, commercial, and proprietary tools to identify security vulnerabilities of external-facing systems, internal networks, or both. We perform active attacks to confirm the existence of vulnerabilities and reduce false positives. We actively exploit vulnerabilities to compromise systems and attempt to expand the attack through privilege escalation and launching attacks on other systems. We target systems at the network and/or application layers, as well as other external access points including modems and wireless LANs. We prioritize vulnerabilities and author detailed reports with specific remediation instructions.
Security Strategy & Governance
We will define an enterprise approach for assessing, prioritizing, managing, and monitoring security risks. Achieve senior executive and board awareness and buy-in. Establish a business-driven governance process for the information security program. Help define the security risk tolerance posture for the organization and an approach for making cost-benefit decisions with respect to accepting security risk. Define the desired end-state for security and identify gaps from the current state. Establish short- and long-term plans for achieving the end-state.
Security Policy and Procedure Development
We will guide you through drafting a suite of security policies, procedures, and standards that are customized to the specific needs and risk posture of the organization. Clarify roles and responsibilities for key security control requirements. Identify mechanisms to demonstrate compliance and measure/report violations.